ISO 27001:2013 Awareness for Employees V2 – Lesson 1 “Introduction”



What is ISO 27001

ISO 27001 is a system to manage an organisation’s information security. It provides a framework of procedures, policies and processes covering the legal, technical and physical aspects of managing risk to the security of information in an organisation.

Working to ISO 27001 is likely to reduce the risk of costly and damaging incidents. It gives organisations the opportunity to improve through formal processes and demonstrate commitment to information security.


Certification Cycle

The diagram (above) shows the typical ISO certification process.

Certification is achieved after the Stage 2 visit and your certificate will be available a short time after the audit.


For the Stage 2 visit there needs to be at least three months of records to show that the management system has been successfully operating in the organisation.

Certificates are valid for three years, at which time a recertification audit is required.

During the three years, shorter surveillance audits are undertaken periodically to sample different areas of the management system.

The certification body will plan all the visits for the three year cycle during the Stage 2 audit. So you will know which dates they are coming and roughly what areas they will be auditing.

Assent Risk Management can provide support through the whole ISO certification process.